LDLeo D. Penroseinbuildingbibby.hashnode.dev·Mar 6 · 5 min readClosing the Loop: Proxy-Aware Rate Limiting With X-Forwarded-ForTL;DR The previous PR fixed getLocalAddr() → getRemoteAddr() for rate limiting. That fix is still broken behind a reverse proxy: getRemoteAddr() returns the proxy's IP, so all real clients share one 00
LDLeo D. Penroseinbuildingbibby.hashnode.dev·Mar 6 · 11 min readToken Buckets, API Keys, and the Bug That Rate-Limited the ServerTL;DR The /api/v1/books/fetchbookmetadata endpoint had no abuse protection. Any client could spam ISBN lookups indefinitely, exhausting Google Books anonymous quota for every user. Implemented a han00
LDLeo D. Penroseinbuildingbibby.hashnode.dev·Mar 2 · 7 min readHow I Enforced Hexagonal Boundaries Across 92 Commits in One WeekWhen I ran IntelliJ's Dependency Structure Matrix on Bibby — my personal library management system built with Spring Boot and DDD — the result was ugly. My BookController was reaching directly into Sh00
LDLeo D. Penroseinbuildingbibby.hashnode.dev·Mar 2 · 10 min readHollowing Out a Facade: Completing the Use Case Port ExtractionTL;DR ShelfCommandFacade had three methods. All three now have dedicated single-method ports. The facade is dead code. PlaceBookOnShelfUseCasePort extracted: BookController and ShelfController now i00
LDLeo D. Penroseinbuildingbibby.hashnode.dev·Mar 2 · 10 min readOne Method Is Enough: Extracting a Use Case Port for Cross-Module DeletionTL;DR ShelfAccessPortAdapter (in the bookcase module) needed to delete shelves. It did this through ShelfCommandFacade — a 3-method interface whose other two methods the adapter never touches. Fix: 00
